This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.
Continue
Learn More

Some cookies on this site are essential, and the site won't work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site.

To control third party cookies, you can also adjust your browser settings.

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This is a remote code execution vulnerability that is exploited by embedding a specially crafted image in a Windows Write file. The net effect is that it could cause a potential memory corruption error in the Windows Graphics Device Interface, potentially allowing a mode of attack by an unauthorised intruder.
As this vulnerability was privately disclosed through proper channels, SophosLabs does not expect malware taking advantage of this vulnerability to be widely circulated for the moment. Nevertheless, SophosLabs will continue to monitor the situation and will raise detection where necessary.